- changed status to closed
SQL Statement needs $wpdb->prepare() added.
Issue #21
closed
Looks like there's another SQL statement that we need to protect in the paypal_ipn_for_wordpress_exist_post_by_title() function.
$post_data = $wpdb->get_col("SELECT ID FROM wp_posts WHERE post_title = '{$ipn_txn_id}' AND post_type = 'paypal_ipn' ");
Need to protect this from SQL injection the way we did the other.
Comments (2)
-
reporter -
reporter - removed milestone
Removing milestone: 1.0 (automated comment)
- Log in to comment